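<?php
/*
 * Ad-hoc SQL console: runs the raw statement received in $_POST['heiBoy']
 * against the application database and prints the driver's error info.
 *
 * This file performs no authentication or authorization of its own; whether
 * it is safe to reach depends entirely on what com.inc.php and the web server
 * enforce before the request gets here.  Anyone who can POST to this script
 * can run any statement the database account permits.  The keyword checks
 * below are a convenience guard against accidental mass updates, not a
 * security boundary, and must not be relied upon as one.
 */
declare(strict_types=1);

include_once '/var/www/html/new/com.inc.php';
include_once '/var/www/html/new/d/module/common/Db.class.php';

use PFT\Db;

$sql = $_POST['heiBoy'] ?? '';

// Same "do nothing" outcome as the old truthiness test for a missing/empty
// field, plus: a nested form field arrives as an array, which would make
// stripos() throw a TypeError below, so only plain strings are accepted.
if (!is_string($sql) || !$sql) {
    exit;
}

// The checks prefix the input with 'xxx' so that a match at the very start of
// $sql still yields a position > 0; the original offsets are kept unchanged.
$probe = 'xxx' . $sql;

// Rejects "set" appearing within the first three characters of the statement
// (positions 3..5 of $probe).  A "set" further into the statement is allowed.
$setPos = stripos($probe, 'set');
if ($setPos !== false && $setPos > 0 && $setPos < 6) {
    exit('{"pars":"语句检测不通过，存在敏感字符！"}');
}

// UPDATE / DELETE anywhere in the text are refused outright (the earlier
// "must carry a LIMIT" variant was abandoned).  Substring matching: a column
// or literal containing these words is rejected too.
if (stripos($probe, 'update') !== false) {
    exit('{"pars":"语句检测不通过，请限制更新条数！"}');
}
if (stripos($probe, 'delete') !== false) {
    exit('{"pars":"语句检测不通过，请限制更新条数！"}');
}

// Bug fix: the old `if (stripos(..., "insert") > 0)` had its body commented
// out, so the following `echo '<pre>'` silently became its body and the <pre>
// wrapper was only emitted for INSERT statements.  The $ins flag that check
// once set is not used anywhere, so the check is dropped and <pre> is always
// written before the diagnostics.
echo '<pre>';

try {
    // NOTE(review): assumes Db::Connect() returns a PDO instance — confirm.
    $pdo = Db::Connect();
    $stmt = $pdo->prepare($sql);

    // Under PDO::ERRMODE_SILENT prepare() returns false instead of a
    // statement; the old code then called ->execute() on false and died with
    // a fatal error instead of reporting the driver's error info.
    if ($stmt === false) {
        $error = $pdo->errorInfo();
    } else {
        $stmt->execute();
        $error = $stmt->errorInfo();
    }
} catch (\PDOException $e) {
    // Under PDO::ERRMODE_EXCEPTION the same failures arrive as exceptions;
    // report them in the same [SQLSTATE, code, message] shape.
    $error = $e->errorInfo ?? ['HY000', $e->getCode(), $e->getMessage()];
}

if ($error[0] !== '00000') {
    // Driver diagnostics frequently echo back fragments of the submitted
    // statement, so they are HTML-escaped before being written into the page.
    echo htmlspecialchars(print_r($error, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
} else {
    echo '语句没问题';
}
exit;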